How Do You Unlock A File

By kcav
I can no longer initialize a program. Instead I am told the file is locked, use the Properties command in Windows Explorer. When I click on Properties in WE, there is no Unlock command. What should I know about Locked files that I don't know?


check the file security settings

by Deadly Ernest In reply to How Do You Unlock A File

Whilst logged on as an administrator use the MS Explorer function to find the file then right click and check what security settings the file has, then compare the executable permissions with the approval level of the log on you were trying to use.
I often restrict the use of applications by setting the executable permission to power user and then those with guest or user permissions cannot open the application. Great for saying who can and can't use an application.


by kcav In reply to check the file security s ...

Thank you for replying to my post. Read your response carefully, then tried to follow instructions.

I am logged on as Administrator for the workstation. Using MS Explorer, I opened the security tab on the Properties sheet for the folder where the programs are stored. Repeated same procedure for the main program. It listed users and permissions. Said nothing about being locked out.

Went to Local Users and Groups snap-in. Found myself, and displayed my Properties sheet. On the General tab there is a field for Account is locked out, but it is grayed out, and not checked.

What should I do?


This is how I do it

by Deadly Ernest In reply to

I access the 'User' settings via 'Control Panel', 'Administrative Tools', 'Computer Management' (I actually have a shortcut to this on the desktop). Then in the 'Groups' I assign general ability policies to the various groups, and then assign individual groups to the user accounts in the 'User' section. I allow both the 'User' and 'Power User' groups to be able to run application programs and to view directories etc.

Next is the important part that many miss.
I then use 'My Computer' to locate the executable file by opening the hard drive, then the directories etc until I get to the one I want. Having found the file that will open and run the application I 'right-click' on it to open the menu, then open 'Properties', this opens a box that has some tabs. One is 'Security', you open this tab.

This opens a box with two windows. The top one shows the various groups and/or users that can do things on the system; the bottom shows the access permissions that they have. You highlight one of the groups or users (depending upon your needs; I usually assign restricted ones to Power User group and general ones to User group) and then go down to the access options and click on the box beside the option you wish to change. The existing accesses will show as greyed ticks. You can assign accesses or deny access based on a group or a user. Just assign the 'Execute' privilege to the group or user you need it for. This is similar to using the CHMOD commands in Unix to assign privileges.
If the relevant access box is already grey, then they should already have that access privilege.

If you need more detailed help send me an e-mail at ebywater@bigpond.net.au and I will do up a sheet with screenshots for you.
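
The Security-tab check and the 'Execute' grant described in the post above can also be done from PowerShell. This is an added example, not part of the original thread; the sample file path and the group name are assumptions chosen for illustration.

```powershell
# Added example: list who can execute a program file, then grant execute to a group.
# The sample path and 'BUILTIN\Power Users' are assumptions, not values from the thread.

function Get-ExecuteAccess {
    param([Parameter(Mandatory)][string]$Path)
    $exec = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
    # Keep only ACL entries whose rights include the Execute bit.
    # A Deny entry here can explain a refusal even when an Allow entry also exists.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { ($_.FileSystemRights -band $exec) -eq $exec } |
        Select-Object IdentityReference, AccessControlType, IsInherited, FileSystemRights
}

function Grant-ExecuteAccess {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity
    )
    $acl  = Get-Acl -LiteralPath $Path
    # 'ReadAndExecute' matches the "Read & Execute" box on the Security tab.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, 'ReadAndExecute', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Constructed placeholder file standing in for the application's executable.
$sample = Join-Path $env:TEMP 'sample-app.exe'
Set-Content -LiteralPath $sample -Value 'placeholder'

'Before:'; Get-ExecuteAccess -Path $sample | Format-Table -AutoSize
Grant-ExecuteAccess -Path $sample -Identity 'BUILTIN\Power Users'
'After:';  Get-ExecuteAccess -Path $sample | Format-Table -AutoSize

Remove-Item -LiteralPath $sample
```

Entries with IsInherited set to True come from the parent folder, which is why the folder's Security tab and the file's can show the same groups.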


I am going to try the same approach.

by kcav In reply to This is how I do it

I understand you use two pre-built groups to separate those who have the right to configure your system, from those who run applications. I am going to try the same thing.

My DBA's logon name is Jeff. Here is, step-by-step, what I did to create an account for Jeff and assign membership to the Power User group.

1) Clicked on Computer Management snap-in inside my Microsoft Management Console. I named the console EDBS Administrative Tools.
2) Clicked on Groups inside the Local Users and Groups snap-in on tree under Computer Management (Local), System Tools.
3) This displayed the names of the groups on the system in the left window. Included were: Administrators, Backup Operators, Guests, Power Users, Replicator, and Users.
4) I clicked on Power Users. A Properties sheet popped-up. There were no members on it. The description field said, "Power Users possess most administrative powers with some restrictions. Thus, Power Users can run legacy applications in addition to certified applications." I clicked Cancel.
5) I clicked on Users. A Users properties sheet pops-up. There are three members on it: ASPNET, NT AUTHORITY\Authenticated Users, and NT AUTHORITY\INTERACTIVE. The description field says, "Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications." I removed these users. There are now no members in the Users group.

Continued on next post


Use of Pre-built User Groups

by kcav In reply to I am going to try the sam ...

Continued: Create an account for Jeff and assign membership to the Power User group.

1) Right click on Users, and clicked on New User in the pop-up window. Filled in the following information:
User Name: Jeff
Full Name: Jeffery G. Cavanaugh
Description: Database Administrator for EDB.
Password: *********
Confirm password: *********
Checked box: Password never expires
2) Clicked the Create button, clicked Close, Jeff appeared in the left window under Users.
3) Clicked on Jeff. A Properties sheet for Jeff appeared with three tabs.
4) Clicked on the Member Of tab. It had Jeff assigned to the Users group! I want him to belong to Power Users. The delete button is inaccessible!
5) I clicked on the Add button. A window pops-up. Under Name is Power Users. I clicked on Power Users, and the name pops up in a window directly below where the Group Names are shown. I clicked the OK button, Jeff Properties sheet pops-up. On the Member of tab it lists both Power Users and Users. I clicked OK.

Before going on to work with permissions, I would like to consider what has happened so far.

Jeff's role as DBA will include performing Backups and if necessary Replicate; should I make him a member of these groups? He already belongs to two groups, Power Users, and Users. If he belongs to four groups, how do I make Power Users the default group, or should I remove membership in these other groups from his properties sheet?

Everyone on the server should be authorized. I do not want any unauthorized Guests. What should I do to create this situation?

I don't know what my password policy should be. My thought is, if it is easy for passwords to be stolen, I might as well allow unauthorized guests. I believe I should implement a tough password policy.

I wonder what scripts and profiles to setup.


User groups

by Deadly Ernest In reply to Use of Pre-built User Gro ...

The default user groups in Microsoft systems usually work as a hierarchy in that they have the ones below them as default. However, I find it best to give someone access to all the groups I want or to create a specific group for what is wanted. I also disable the default users like NT Authority etc that you mention, I set them with an unchangeable password that I know and then disable the user. I do the same for all the MS remote access stuff as well. If I want them to access my system I can re-enable at that time.
